QualComm TrustZone MasterKeys extracted?

Kindly pointed out by a reader of the blog, laginimaineb has some more research going on for QualComm TrustZone, sounds non-trivial:

[Grr, when I paste an URL of a Twitter tweet, WordPress usually renders it, today, it is not, maybe it will before it posts it, unsure. I’ve extracted the text from the Tweets in case it does not.]

Just managed to extract the Qualcomm KeyMaster keys directly from TrustZone! Writeup coming soon 🙂 (1/2)

And wrote a script to decrypt all keystore keys. This can also be used to bruteforce the FDE passphrase off the device! (2/2)

This specifically is done on the Nexus 6, but I’ve also dabbled w/ the Nexus 5 and Moto X 2nd Gen

https://mobile.twitter.com/laginimaineb/status/737051964857561093
https://mobile.twitter.com/laginimaineb/status/737052350674817024
https://mobile.twitter.com/laginimaineb/status/737185999760052224
https://mobile.twitter.com/laginimaineb/status/737186295655596032
https://mobile.twitter.com/laginimaineb/status/737188674371215360

More info:
https://mobile.twitter.com/laginimaineb
http://bits-please.blogspot.co.il/2016/05/qsee-privilege-escalation-vulnerability.html
http://bits-please.blogspot.co.il/2016/05/qsee-privilege-escalation-vulnerability.html
http://bits-please.blogspot.com/

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s